/** * Check if a user has a permanent login token. If so, log them in. * * * @return void */ public function checkForPermanentLoginToken() { if (\Data::hasCookie(self::PERM_LOGIN_COOKIE_NAME)) { $cookie = \Data::getCookie(self::PERM_LOGIN_COOKIE_NAME); $p = explode('|', $cookie); $id = array_shift($p); $user_id = array_shift($p); $mac = array_pop($p); $token = join('|', $p); $secret = \App::config('AES_KEY256'); if ($mac !== hash_hmac('sha256', $id . '|' . $user_id . '|' . $token, $secret)) { return false; } //if $LoginToken = \App\record\UserLoginToken::find(array('id' => $id, 'user_id' => $user_id), array('id,user_id,token')); if ($LoginToken !== false && \Crypt::timingSafeCompare($LoginToken['token'], $token)) { \Session::set($this->getSessionKey(), $user_id); \Session::regen(); $this->user_id = $user_id; $this->logged_in = true; $LoginToken['last_accessed_date'] = array('raw' => 'NOW()'); $LoginToken->update(); } //if } //if }